Originally Published: Friday, 18 February 2000 Author: Eric Warmenhoven

Simple Steps to Secure your System

Keeping your computer secure is one of the most important things about using a computer. Even if you don't have any information on your computer, you still have resources that can be taken advantage of. This is exactly what has happened in the recent attacks on Yahoo, CNN, and many others: lots of people left their system insecure, and someone used their resources to attack one site. It is up to you to prevent this from happening. There are some simple ways that you can prevent your computer from being "compromised", taken advantage of by intruders. We'll go through some of these ways in this article.

The simplest way to keep your computer secure is by keeping up with the latest product updates from your distribution. This may seem obvious, but it's a time-consuming task that all too many users neglect to do. Most Linux distributions have web pages up announcing the latest security announcements, with instructions on how to fix the problem. Make sure to check these pages often.

One way to prevent network intrusion is by not providing network services, such as telnet, smtp, and linuxconf. Most users don't have need for these services, and they pose a potential risk to security. There are a few simple steps you can take to see what you are currently running, and turn them off.

First, to see what you are running, run the command `netstat -ap | grep "*:*"`. If run as root, this will tell you all the ports that are currently open on your computer, and what programs have them open. A typical line may look like:

tcp 0 0 *:www *:* LISTEN 348/httpd

The first column is the protocol that is being used; the third, what address and port it is listening on; the fifth, the process ID and name of the program which has the port open.

After seeing what you have open, try to decide what you need to have open. Bear in mind that each service poses a possible security hazard. Services such as sendmail and linuxconf are especially cause for concern; sendmail for its history of insecurity and linuxconf because of the amount of control it provides. Inetd services and SunRPC are also cause for concern.

If you feel you need services such as telnet, look for alternative, more secure programs. Secure Shell offers the same service as telnet, but does so more securely, as it sends all information encrypted, whereas telnet sends information 'in the clear', without encryption. You can usually run the command 'killall program-name' as root to turn these services off. 'killall -KILL program-name' will forcibly kill the program, and is not advised unless the program is not responding and you cannot figure out how to stop it safely. Also, the init scripts, located either in /etc/rc.d/init.d or /etc/init.d, will usually allow you to stop a service gracefully.

Now that you have turned off unwanted services, you'll want to make sure they don't come on when you reboot. These services are usually started at boot time by the init scripts in /etc/rcN.d or /etc/rc.d/rcN.d, where N is the runlevel (e.g. 3 for networked multiuser, 5 for X, etc.). You can prevent them from starting up by changing the first letter in their name to lowercase. For example, 'S85httpd' would be renamed 's85httpd'.

Instead of turning off inetd completely, you may want to only turn off some of the services, but leave others open. To do this, edit /etc/inetd.conf, and comment out the services you do not want turned on by putting a hash mark ('#') in front of the line. The default inetd.conf files have good examples of this, and are usually well-commented.
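The three steps above (list what is listening, stop a service from starting at boot, comment out an inetd service) as a small shell script. This is an added example, not from the original article; the netstat output and the inetd.conf fragment are constructed samples in the article's column layout, and the rc directory and service names passed to the functions are assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -ap` output (not a real capture); the
# columns follow what netstat prints: Proto Recv-Q Send-Q Local Address
# Foreign Address State PID/Program name.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:www *:* LISTEN 348/httpd
tcp 0 0 *:telnet *:* LISTEN 301/inetd
tcp 0 0 *:smtp *:* LISTEN 412/sendmail
tcp 0 0 localhost:1024 localhost:6000 ESTABLISHED 520/xterm
udp 0 0 *:sunrpc *:* 290/portmap'

# Print one "proto local-address pid/program" line per listening socket:
# TCP sockets in LISTEN state, plus UDP sockets (which have no State column).
listening_services() {
    printf '%s\n' "$1" | awk '
        $1 == "tcp" && $6 == "LISTEN" { print $1, $4, $7 }
        $1 == "udp"                   { print $1, $4, $6 }'
}

# Constructed /etc/inetd.conf fragment (not copied from any real system).
SAMPLE_INETD='# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd'

# Emit the inetd.conf text with the named service commented out (a leading
# '#', as the article describes); lines already commented are left alone.
disable_inetd_service() {
    printf '%s\n' "$1" | awk -v svc="$2" '
        $1 == svc && $0 !~ /^[ \t]*#/ { print "#" $0; next }
        { print }'
}

# Rename SNNname to sNNname in an rcN.d directory so init skips it at boot.
# $1 = rc directory (e.g. /etc/rc.d/rc3.d), $2 = service name (e.g. httpd).
disable_init_link() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$link" ] || continue
        mv "$link" "$1/s${link##*/S}"
    done
}

# Show what is listening, then the inetd.conf fragment with telnet disabled.
listening_services "$SAMPLE_NETSTAT"
disable_inetd_service "$SAMPLE_INETD" telnet
```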

It's important that we all do our part to secure our computers and the resources that they provide. The denial of service attacks like those carried out against Yahoo and others will be more difficult to carry out if the attackers cannot find the resources to use.

Eric Warmenhoven - warmenhoven@linux.com